|Main Archive Page > Month Archives > ipsec archives|
David Wierbowski writes:
> > So the text most likely should say that "For other values the
> > certificate authority field contents is not defined, and can be
> > anything (or empty) until specifications that specify their contents
> > is published."
> I do not think they can be anything. I think they need to be empty until
> specifications that specify their contents are published.
Thats fine for the sending side, but for recipient it is very hard to know when specification has been published, thus recipient should not reject (or crash) in case it receives certreq having type of x and having something inside the certificate authority field, even though no specification was available when that implementation was created.
Thats why I think it would be safer to say they can be anything, or perhaps more accurate should say they MUST be sent as empty, but recipient MUST be able to handle CERTREQ regardless what there is in the certificate authority field.
But on the other hand I do not think we want to add new MUSTs/SHOULDs etc here, but just say they can be anything (including empty) should be enough. -- email@example.com _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec